today with @Brumens2 we received a 50,000€ reward for discovering a bug in a public program !! don't be shy, go hunt in public programs too.@yeswehack ʚ(｡˃ ᵕ ˂ )ɞ

just dropped a new article about my current way of setting up an android bug bounty lab ヾ(˶ᵔ ᗜ ᵔ˶) . it’s the setup I use myself, and I’ve found nice web bugs on android apps with nothing more than a rooted pixel, frida, and some traffic interception.

Join millions who have switched to Grok.

RT @yeswehack: Want to hack mobile applications? 📱. We’ve just published the ultimate guide to building an Android #BugBounty lab with emul….

RT @yeswehack: In the latest #TalkiePwnii, @pwnwithlove takes on a Dojo challenge about predictable tokens & YAML deserialization in Python….

RT @albinowax: The whitepaper is live! Learn how to win the HTTP desync endgame. and why HTTP/1.1 needs to die:

RT @yeswehack: In the latest #TalkiePwnii, @pwnwithlove dives into Hex Color Palette, a Dojo challenge she created 🎨. From XXE exploitation….

in lxml <= 5.3.2 with libxml2 2.12.x, XXE using parameter entities was possible due to libxml2 behavior - allowing indirect overrides of local DTDs. this worked even without resolve_entities, since libxml2 expanded parameter entities anyway :). it didn���t really make noise since.

RT @yeswehack: Want to get more out of @CaidoIO for your #BugBounty workflow? There might be a surprise in the video. 🎁. In Part 2 of our….

RT @CristiVlad25: Good writing here by @yeswehack. When I get nostalgic on recon, I often 'dig' into the past using some variation of what'….

RT @yeswehack: 📱 Want to pwn Android apps from the inside? Let’s talk about Drozer, one of the most powerful tools for Android app security….

RT @_k4non: なんか死ぬほど踊ったきがする.

RT @yeswehack: In the latest episode of #TalkiePwnii, @pwnwithlove analyses Ruby Treasure, a Dojo challenge by @Brumens2 💎. From regex bypa….

RT @yeswehack: Know much about finding and exploiting path traversal or arbitrary file read vulnerabilities? 🤔. Learn practical attacks lev….

i've made some android challenges - feel free to check them out if you're into that kind of stuff! they’re pretty rare in most CTFs :p. the last one is based on a real bug bounty I reported, and is linked to a real application I can control ;)

RT @torproject: @Skyyyuh no idea.

RT @yeswehack: Curious to find out how @CaidoIO could fit into your #BugBounty workflow? 🐞. In this special episode of #TalkiePwnii, @pwnwi….

RT @uwu_underground: Fuck @firefox.

RT @pentest_swissky: OwnAppV2, Proxying and Reversing a Flutter apk | BreizhCTF WU - @pwnwithlove .

i’m doing videos about writeups, i hope you’ll enjoy! this one is about python format string injection, and you can find more on the youtube channel ٩(^ᗜ^)و.

RT @yeswehack: 📱 Want to find bugs in Android apps? Android apps are often included in our scopes. Frequently overlooked, they offer some v….

a few weeks ago, I received an award for a critical vulnerability submitted on @yeswehack -- Path Traversal (CWE-22) (˵>ᗜ<˵)! !! . this thread is literally how I discovered this vulnerability :p